IN THE CLAIMS 



This listing of claims will replace all prior versions, and listings, of claims in the 
application: 
Listing of Claims: 

1. (Currently Amended) A method for routing data packets for network flow analysis by a 
multi-processor system having a plurality of processors, comprising: 

receiving a data packet, the data packet comprising data sufficient to identify a 
network connection with which the data packet is associated; 

calculating a hash value based on said data sufficient to identify the network 
connection with which the data packet is associated; and 

assigning the data packet based on said hash value to one of said plurality of 
processors for analysis by using a number of bits of the hash value, wherein the number of bits 
used is not necessarily the total number of bits of the hash value and the number of bits used is 
determined at least in part by the number of processors included in said plurality of processors; 

wherein the data packet is assigned to said one of said plurality of processors by 
storing in a work queue associated with said one of said plurality of processors a pointer to a 
storage location in which data comprising the data packet is stored; and the processor is 
configured to read the pointer, use the pointer to read the data comprising the data packet directly 
from the storage location in which said data comprising the data packet is stored, use the data 
comprising the data packet to perform a network flow analysis with respect to a network flow 
with which the data packet is associated, and store in a return queue associated with the 
processor a data indicating that the processor is finished processing the data comprising the data 
packet; and wherein the data indicating that the processor is finished processing the data 
comprising the data packet is used to determine that the storage location is available to be used to 
store a subsequently received data comprising a subsequently received data packet, 

wh e rein e ach of said processors is configur e d to perform concurr e ntly two or 
mor e n e twork flow analysis relat e d tasks and data pack e ts ar e assigned to processors in a manner 
that e nabl e s us e of th e r e spectiv e proc e ssors to b e maximiz e d e v e n if th e split of information 
flows b e tw ee n tasks is un e v e n . 
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2. (Original) The method of claim 1, wherein said data sufficient to identify the network 
connection with which the data packet is associated comprises address data. 

3. (Original) The method of claim 1, wherein said data sufficient to identify the network 
connection with which the data packet is associated comprises address data associated with a 
source computer that sent the data packet and address data associated with a destination 
computer to which the data packet is addressed. 

4. (Original) The method of claim 1, wherein the data packet is sent using the TCP/IP suite 
of protocols and said data sufficient to identify the network connection with which the data 
packet is associated comprises an IP address and port number associated with the source 
computer that sent the data packet and an IP address and port number associated with the 
destination computer to which the data packet is addressed. 

5. (Currently Amended) The method of claim 1, further comprising storing the data packet 
in the storage location comprises a location in a host memory associated with the multi-processor 
system. 

6. (Original) The method of claim 5, further comprising sending an interrupt message to a 
driver, the interrupt message comprising data identifying the storage location in host memory in 
which the data packet is stored. 

7. (Cancelled) 

8. (Cancelled) 

9. (Currently Amended) The method of claim [[8]] I, wherein said work queue is a circular 
queue. 

10. (Original) The method of claim 1, further comprising associating the data packet with 
one or more other data packets associated with the same network connection with which the 
received data packet is associated to recreate a network flow associated with said network 
connection. 

11. (Original) The method of claim 10, further comprising analyzing the network flow to 
determine if any security-related event has occurred. 
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12. (Original) The method of claim 11, wherein a security-related event is determined to 
have occurred if the network flow matches a pattern associated with a known attack. 

13. (Original) The method of claim 11, wherein a security-related event is determined to have 
occurred if the network flow deviates from normal and permissible behavior under the network 
protocol under which the data packet was sent. 

14. (Currently amended) A computer program product for routing data packets for network 
flow analysis by a multi -processor system, the computer program product being embodied in a 
computer readable medium and comprising computer instructions for: 

receiving a data packet, the data packet comprising data sufficient to identify a 
network connection with which the data packet is associated; 

calculating a hash value based on said data sufficient to identify the network 
connection with which the data packet is associated; and 

assigning the data packet based on said hash value to a processor of said multi- 
processor system for analysis by using a number of bits of the hash value, wherein the number of 
bits used is not necessarily the total number of bits of the hash value and the number of bits used 
is determined at least in part by the number of processors included in said plurality of processors; 

wherein the data packet is assigned to said one of said plurality of processors by 
storing in a work queue associated with said one of said plurality of processors a pointer to a 
storage location in which data comprising the data packet is stored; and the processor is 
configured to read the pointer, use the pointer to read the data comprising the data packet directly 
from the storage location in which said data comprising the data packet is stored, use the data 
comprising the data packet to perform a network flow analysis with respect to a network flow 
with which the data packet is associated, and store in a return queue associated with the 
processor a data indicating that the processor is finished processing the data comprising the data 
packet; and wherein the data indicating that the processor is finished processing the data 
comprising the data packet is used to determine that the storage location is available to be used to 
store a subsequently received data comprising a subsequently received data packet. 

wh e r e in each of said proc e ssors is configur e d to p e rform concurr e ntly two or 
mor e n e twork flow analysis r e lat e d tasks and data pack e ts ar e assign e d to proc e ssors in a manner 
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that e nabl e s us e of th e r e sp e ctiv e proc e ssors to be maximized ov e n if th e split of information 
flows betw ee n tasks is un e v e n . 

15. (Currently Amended) A system for routing data packets for network flow analysis, 
comprising: 

a plurality of processors configured to perform network flow analysis; 
a network interface card configured to receive data packets via a network 
connection, each data packet comprising data sufficient to identify a network connection with 
which the data packet is associated; and 
a driver configured to: 

calculate a hash value based on said data sufficient to identify the network 
connection with which the data packet is associated; and 

assign the data packet based on said hash value to one of said plurality of 
processors for analysis by using a number of bits of the hash value, wherein the number 
of bits used is not necessarily the total number of bits of the hash value and the number of 
bits used is determined at least in part by the number of processors included in said 
plurality of processors; 

wherein the data packet is assigned to said one of said plurality of processors by 
storing in a work queue associated with said one of said plurality of processors a pointer to a 
storage location in which data comprising the data packet is stored; and the processor is 
configured to read the pointer, use the pointer to read the data comprising the data packet directly 
from the storage location in which said data comprising the data packet is stored, use the data 
comprising the data packet to perform a network flow analysis with respect to a network flow 
with which the data packet is associated, and store in a return queue associated with the 
processor a data indicating that the processor is finished processing the data comprising the data 
packet; and wherein the data indicating that the processor is finished processing the data 
comprising the data packet is used to determine that the storage location is available to be used to 
store a subsequently received data comprising a subsequently received data packet. 

wh e r e in e ach of said proc e ssors is configur e d to p e rform concurr e ntly two 
or mor e network flow analysis r e lated tasks and data pack e ts ar e assign e d to proc e ssors in 
a mann e r that e nabl e s us e of th e r e sp e ctiv e proc e ssors to b e maximized e v e n if th e split 
of information flows between tasks is unev e n . 
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16. (Previously Presented) The system of claim 15, wherein said data sufficient to identify 
the network connection with which the data packet is associated comprises address data. 

17. (Previously Presented) The system of claim 15, wherein said data sufficient to identify 
the network connection with which the data packet is associated comprises address data 
associated with a source computer that sent the data packet and address data associated with a 
destination computer to which the data packet is addressed. 

18. (Previously Presented) The system of claim 15, wherein the data packet is sent using the 
TCP/IP suite of protocols and said data sufficient to identify the network connection with which 
the data packet is associated comprises an IP address and port number associated with the source 
computer that sent the data packet and an IP address and port number associated with the 
destination computer to which the data packet is addressed. 

19. (Previously Presented) The system of claim 15, wherein the driver is further configured 
to associate the data packet with one or more other data packets associated with the same 
network connection with which the received data packet is associated to recreate a network flow 
associated with said network connection. 

20. (Previously Presented) The system of claim 19, wherein the driver is further configured 
to analyze the network flow to determine if any security-related event has occurred. 
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